Here are some of the most active APT Group trends in Sept-2023:
Week 38: September 18, 2023 to September 24, 2023
1. Stealth Falcon
A cybercrime organization called Stealth Falcon has been operating since at least 2012. The gang is well-known for using backdoors and spear-phishing emails to penetrate target networks. Many other types of organizations, such as governments, corporations, and think tanks, have been the targets of Stealth Falcon.
Numerous high-profile incidents, including as the hacking of the European Parliament and the US Department of State, have been connected to Stealth Falcon. Additionally, the organization has been charged with stealing confidential information from several businesses, including IBM and Microsoft.
Being a very skilled crew, Stealth Falcon has managed to avoid being discovered by numerous security companies. The gang is renowned for using specially created malware and for being able change its strategies to avoid detection
First Discovered: campaign of spyware attacks in 2016
Origin Country: United Arab Emirates
Countries Targeted: Middle East
Industries Targeted:
- Political activists
- journalists
- dissidents in the Middle East
Source 2: https://citizenlab.ca/2016/05/stealth-falcon/
2. Redhotel
Active since at least 2019, the Redhotel APT Group is a Chinese state-sponsored advanced persistent threat (APT) organization. The gang is well-known for its highly skilled assaults on corporations, governments, and academic institutions worldwide.
Redhotel APT Group’s ability to target a broad spectrum of victims and maintain a high operational tempo is attributed to its utilization of a two-tiered support architecture. The gang also employs a range of malware and attack methods, such as zero-day exploits, spear-phishing emails, and malware that has been specially created.
Redhotel APT Group has been connected to several high-profile cyberattacks, such as the hacking of the Vietnamese Institute of State, the European Parliament, and the US Department of State.
First Discovered: first discovered in 2019 by cybersecurity researchers at Mandiant.
Origin Country: Redhotel APT Group is believed to be based in China.
Countries Targeted:
- United States
- United Kingdom
- Canada
- Australia
- New Zealand
- Japan
- South Korea
- Taiwan
- Vietnam
- Singapore
- Malaysia
- Thailand
- Philippines
- Indonesia
Industries Targeted:
- Government
- Defense
- Aerospace
- Healthcare
- Technology
- Telecom
- Education
- Finance
- Energy
- Legal
- Manufacturing
- Media
source: https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf
Week 39: September 25, 2023 to October 1, 2023
1. OilRig
An Iranian advanced persistent threat (APT) organization called OilRig (also referred to as APT34, Cobalt Gypsy, Helix Kitten, and Menorah) has been operational since at least 2014. The gang is well-known for its highly skilled attacks on organizations, governments, and oil industries throughout the Middle East and beyond.
- OilRig has been linked to a number of high-profile attacks, including:
- OilRig was connected to many assaults against Saudi oil and gas firms in 2014.
- OilRig was connected to an attack on the Israeli Ministry of Defense in 2018.
- OilRig was connected to many bank hacks in the US and Israel in 2020.
- An attack against the US National Nuclear Security Administration in 2022 was connected to OilRig.
Source: https://thehackernews.com/2023/09/iranian-apt-group-oilrig-using-new.html